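* @copyright PrestaShop
* @license http://www.opensource.org/licenses/osl-3.0.php Open-source licence 3.0
* @version 1.3
*
*/

// The settings file is optional here (guarded by file_exists); the MySQL driver is always loaded.
if (file_exists(dirname(__FILE__).'/../config/settings.inc.php'))
    include_once(dirname(__FILE__).'/../config/settings.inc.php');
include_once(dirname(__FILE__).'/../classes/MySQL.php');

/**
 * Base class of the database layer.
 *
 * Holds the connection settings read from the _DB_* constants, exposes a
 * singleton (currently always a MySQL instance) and offers INSERT/UPDATE
 * builders that assemble SQL by string concatenation.
 *
 * NOTE(review): q() and disconnect() are called below but not declared in this
 * class; presumably the concrete driver (MySQL) provides them - confirm.
 */
abstract class Db
{
    /** @var string Server (eg. localhost) */
    protected $_server;

    /** @var string Database user (eg. root) */
    protected $_user;

    /** @var string Database password (eg. can be empty !) */
    protected $_password;

    /** @var string Database type (MySQL, PgSQL) */
    protected $_type;

    /** @var string Database name */
    protected $_database;

    /** @var mixed Resource link */
    protected $_link;

    /** @var mixed SQL cached result */
    protected $_result;

    /** @var mixed Not used by any method visible in this class */
    protected static $_db;

    /** @var mixed Object instance for singleton */
    private static $_instance;

    /**
     * Get Db object instance (Singleton)
     *
     * The first call creates a MySQL object; later calls return the same one.
     *
     * @return object Db instance
     */
    public static function getInstance()
    {
        if (!isset(self::$_instance))
            self::$_instance = new MySQL();
        return self::$_instance;
    }

    /**
     * Close the connection when the object is destroyed
     */
    public function __destruct()
    {
        $this->disconnect();
    }

    /**
     * Build a Db object: copy the _DB_* constants into the instance and connect
     */
    public function __construct()
    {
        $this->_server = _DB_SERVER_;
        $this->_user = _DB_USER_;
        $this->_password = _DB_PASSWD_;
        $this->_type = _DB_TYPE_;
        $this->_database = _DB_NAME_;
        $this->connect();
    }

    /**
     * Build and run an INSERT or UPDATE query from an array of column => value
     *
     * SECURITY: nothing is filtered or escaped here. Each value is placed between
     * single quotes exactly as given, and $table, the array keys and $where are
     * concatenated verbatim; only $limit is cast with intval(). Every value must
     * already have gone through pSQL() (or an integer/float cast), and $table,
     * the keys and $where must never be built from request data.
     *
     * @param string $table Table where insert/update data
     * @param array $values Data to insert/update, as column name => value
     * @param string $type INSERT or UPDATE (case-insensitive)
     * @param string $where WHERE clause, only for UPDATE (optional)
     * @param string $limit LIMIT clause (optional)
     * @return mixed|boolean true when $values is empty, false for any other $type, else the result of q()
     */
    public function autoExecute($table, $values, $type, $where = false, $limit = false)
    {
        return $this->_autoExecute($table, $values, $type, $where, $limit, false);
    }

    /**
     * Same as autoExecute(), except that '' and NULL values are written as SQL NULL
     *
     * SECURITY: the same caveats as autoExecute() apply - values, identifiers and
     * the WHERE clause are concatenated without escaping.
     *
     * @param string $table Table where insert/update data
     * @param array $values Data to insert/update, as column name => value
     * @param string $type INSERT or UPDATE (case-insensitive)
     * @param string $where WHERE clause, only for UPDATE (optional)
     * @param string $limit LIMIT clause (optional)
     * @return mixed|boolean true when $values is empty, false for any other $type, else the result of q()
     */
    public function autoExecuteWithNullValues($table, $values, $type, $where = false, $limit = false)
    {
        return $this->_autoExecute($table, $values, $type, $where, $limit, true);
    }

    /**
     * Shared query builder behind autoExecute() and autoExecuteWithNullValues()
     *
     * @param string $table Table name, used verbatim between backticks
     * @param array $values Column name => value
     * @param string $type INSERT or UPDATE (case-insensitive)
     * @param string $where WHERE clause, appended verbatim for UPDATE only
     * @param string $limit LIMIT value, cast with intval()
     * @param boolean $emptyAsNull Write '' and NULL values as SQL NULL instead of a quoted string
     * @return mixed|boolean See autoExecute()
     */
    private function _autoExecute($table, $values, $type, $where, $limit, $emptyAsNull)
    {
        if (!sizeof($values))
            return true;

        $type = strtoupper($type);
        if ($type !== 'INSERT' && $type !== 'UPDATE')
            return false;

        // One SQL literal per column. Values are quoted, NOT escaped: see the SECURITY note on autoExecute().
        $literals = array();
        foreach ($values as $key => $value)
            $literals[$key] = ($emptyAsNull && ($value === '' || $value === null)) ? 'NULL' : '\''.$value.'\'';

        if ($type === 'INSERT')
            $query = 'INSERT INTO `'.$table.'` (`'.implode('`,`', array_keys($literals)).'`) VALUES ('.implode(',', $literals).')';
        else
        {
            $assignments = array();
            foreach ($literals as $key => $literal)
                $assignments[] = '`'.$key.'` = '.$literal;
            $query = 'UPDATE `'.$table.'` SET '.implode(',', $assignments);
            // $where is raw SQL supplied by the caller; it is ignored for INSERT.
            if ($where)
                $query .= ' WHERE '.$where;
        }

        if ($limit)
            $query .= ' LIMIT '.intval($limit);

        return $this->q($query);
    }

    /*********************************************************
     * ABSTRACT METHODS
     *********************************************************/

    /**
     * Open a connection
     */
    abstract public function connect();

    /**
     * Get the ID generated from the previous INSERT operation
     */
    abstract public function Insert_ID();

    /**
     * Get number of affected rows in previous database operation
     */
    abstract public function Affected_Rows();

    /**
     * Gets the number of rows in a result
     */
    abstract public function NumRows();

    /**
     * Delete
     */
    abstract public function delete($table, $where = false, $limit = false);

    /**
     * Fetches a row from a result set
     */
    abstract public function Execute($query);

    /**
     * Fetches an array containing all of the rows from a result set
     */
    abstract public function ExecuteS($query, $array = true);

    /**
     * Get next row for a query which doesn't return an array
     */
    abstract public function nextRow($result = false);

    /**
     * Alias of Db::getInstance()->ExecuteS
     *
     * The query string is passed through unchanged, so it must already be safe.
     *
     * @param string $query The query to execute
     * @return array Array of line returned by MySQL
     */
    public static function s($query)
    {
        return Db::getInstance()->ExecuteS($query);
    }

    /**
     * Debug helper: run the query, hand the rows to p() and return them
     *
     * NOTE(review): p() is defined outside this file, presumably a dump helper - confirm.
     *
     * @param string $query The query to execute
     * @return array Rows returned by Db::s()
     */
    public static function ps($query)
    {
        $ret = Db::s($query);
        p($ret);
        return $ret;
    }

    /**
     * Debug helper: run the query, then stop the script
     *
     * @param string $query The query to execute
     */
    public static function ds($query)
    {
        Db::s($query);
        die();
    }

    /**
     * Get Row and get value
     */
    abstract public function getRow($query);

    abstract public function getValue($query);

    /**
     * Returns the text of the error message from previous database operation
     */
    abstract public function getMsgError();
}

/**
 * Sanitize data which will be injected into SQL query
 *
 * SECURITY: the result is only meant to sit inside a single-quoted SQL string
 * literal. It gives no protection for identifiers, for unquoted numeric
 * positions or for a LIKE pattern; use an integer/float cast for unquoted numbers.
 *
 * @param string $string SQL data which will be injected into SQL query
 * @param boolean $htmlOK Does data contain HTML code ? (optional)
 * @return string Sanitized data
 */
function pSQL($string, $htmlOK = false)
{
    // Undo the slashes PHP added itself so the value is not escaped twice.
    if (_PS_MAGIC_QUOTES_GPC_)
        $string = stripslashes($string);

    // Numeric strings are returned as they are. is_numeric() accepts more than plain
    // digits (exponent form, leading whitespace and, before PHP 7, hexadecimal strings),
    // which is harmless between quotes but not a validation of an integer.
    if (!is_numeric($string))
    {
        // mysql_real_escape_string() belongs to ext/mysql, which was removed in PHP 7.
        // The addslashes() fallback is not aware of the connection character set.
        $string = _PS_MYSQL_REAL_ESCAPE_STRING_ ? mysql_real_escape_string($string) : addslashes($string);

        // Line breaks become <br /> and are then removed together with every other tag.
        // strip_tags() is not a replacement for escaping the value again when it is printed.
        if (!$htmlOK)
            $string = strip_tags(nl2br2($string));
    }
    return $string;
}

/**
 * Convert \n to <br />
 *
 * "\r\n", "\r" and "\n" are each replaced by one <br /> tag. The tag had been
 * lost from this listing, leaving a bare line break as the replacement string.
 *
 * @param string $string String to transform
 * @return string New string
 */
function nl2br2($string)
{
    return str_replace(array("\r\n", "\r", "\n"), '<br />', $string);
}
?>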